Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3WV8maCzeb3mVTJH9EoyMXRjS9I.roa
File:                     3WV8maCzeb3mVTJH9EoyMXRjS9I.roa (raw, json)
Hash identifier:          KyakXSgWfXijb5s0n7zD44H1iMaEMmgpoIYvoa3yZSk=
Subject key identifier:   DD:65:7C:99:A0:B3:79:BD:E6:55:32:47:F4:4A:32:31:74:63:4B:D2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01980314C4DE532A452519E192BC54FEE5C8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3WV8maCzeb3mVTJH9EoyMXRjS9I.roa
Signing time:             Sun 13 Jul 2025 09:19:09 +0000
ROA not before:           Sun 13 Jul 2025 09:19:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48147
IP address blocks:        94.183.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:03:14:c4:de:53:2a:45:25:19:e1:92:bc:54:fe:e5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 13 09:19:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd657c99a0b379bde6553247f44a323174634bd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:35:fe:ee:b0:c3:82:8f:98:5f:a9:ad:c4:f0:
                    19:58:e4:7c:d2:43:11:f9:eb:40:2b:5b:29:02:ed:
                    db:df:a0:33:2e:3d:b7:db:54:86:92:c9:16:b5:3e:
                    65:05:fe:eb:6a:61:25:db:3d:1b:f5:59:3c:51:05:
                    50:31:36:4c:72:36:5a:11:2d:ec:84:05:2a:2a:ae:
                    d5:62:9c:b3:4e:dc:f9:e6:6e:a8:26:fc:a9:44:6f:
                    d3:ca:57:0c:fc:17:9c:75:61:0b:91:05:07:ec:ff:
                    45:92:5a:4b:49:d5:e2:2c:4f:a9:c3:a4:1b:c4:2a:
                    df:33:0b:52:5f:7b:ff:8b:02:c3:24:2e:34:72:38:
                    4b:36:2c:03:2f:78:21:29:85:76:32:41:ed:a2:61:
                    6b:1a:31:aa:8e:db:03:f3:3e:1c:21:1f:13:99:68:
                    82:14:7b:a3:4f:66:de:c1:8a:f6:82:6d:db:9a:2b:
                    f2:94:d7:8c:d2:76:eb:6d:b9:2f:72:5b:9c:01:e5:
                    f2:e1:22:77:55:ec:69:6b:bd:8e:52:ec:a9:a4:6b:
                    d6:f4:e6:92:ff:89:98:00:60:ab:83:e1:7c:db:ca:
                    09:58:73:1c:5f:a7:0c:bb:4b:95:cd:97:82:23:0b:
                    2b:60:ab:15:50:5b:ca:b2:08:bd:ef:79:39:92:a3:
                    cc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:65:7C:99:A0:B3:79:BD:E6:55:32:47:F4:4A:32:31:74:63:4B:D2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3WV8maCzeb3mVTJH9EoyMXRjS9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:33:03:80:8d:31:b1:35:a0:3e:3f:07:60:de:a8:75:18:e1:
         43:36:90:55:a8:4f:42:6e:fe:d8:81:5b:c5:9c:3f:54:1b:57:
         bf:10:ae:b9:c7:f6:16:fb:d9:bb:93:1a:f8:12:5a:98:8b:0f:
         38:6a:02:e1:d1:5e:96:e4:bc:d8:fa:81:41:5f:71:fc:0a:f5:
         c2:22:e1:53:00:96:1c:e4:bd:78:d5:a6:f3:5b:97:f3:a0:b5:
         9b:e8:b0:d0:05:11:0f:6c:1f:e9:e5:65:13:1e:2c:44:bb:da:
         fe:14:23:d0:d9:80:87:18:48:bd:4a:51:02:cc:45:4f:b6:1b:
         38:07:b0:91:c3:4b:bd:99:f9:14:a6:0d:8f:8e:31:1e:ec:cb:
         b7:3b:5e:ff:5a:dc:e0:40:c6:90:e2:08:16:d8:d7:6c:39:37:
         79:b5:ce:b9:d6:f8:39:0a:68:e9:3b:de:6c:c9:c1:a0:2d:12:
         d0:d2:3f:7b:a0:d0:d6:56:3a:da:b5:fe:c7:4b:f7:8f:d2:bd:
         9d:b1:de:2d:18:89:4e:65:44:f4:27:af:0c:f6:13:32:c2:e0:
         4c:31:44:69:0b:b6:fc:f9:72:b9:62:85:38:22:1a:68:4a:d1:
         bf:39:33:18:3f:ec:11:b1:14:83:65:84:04:bb:e0:2d:75:14:
         c5:d6:b6:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgDFMTeUypFJRnhkrxU/uXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzEzMDkxOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY1N2M5OWEwYjM3OWJkZTY1NTMyNDdmNDRhMzIzMTc0NjM0YmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDX+7rDDgo+YX6mtxPAZWOR80kMR
+etAK1spAu3b36AzLj2321SGkskWtT5lBf7ramEl2z0b9Vk8UQVQMTZMcjZaES3s
hAUqKq7VYpyzTtz55m6oJvypRG/TylcM/BecdWELkQUH7P9FklpLSdXiLE+pw6Qb
xCrfMwtSX3v/iwLDJC40cjhLNiwDL3ghKYV2MkHtomFrGjGqjtsD8z4cIR8TmWiC
FHujT2bewYr2gm3bmivylNeM0nbrbbkvclucAeXy4SJ3Vexpa72OUuyppGvW9OaS
/4mYAGCrg+F828oJWHMcX6cMu0uVzZeCIwsrYKsVUFvKsgi973k5kqPMXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1lfJmgs3m95lUyR/RKMjF0Y0vSMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM1dWOG1hQ3plYjNtVlRKSDlFb3lNWFJqUzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXremMA0G
CSqGSIb3DQEBCwUAA4IBAQAfMwOAjTGxNaA+Pwdg3qh1GOFDNpBVqE9Cbv7YgVvF
nD9UG1e/EK65x/YW+9m7kxr4ElqYiw84agLh0V6W5LzY+oFBX3H8CvXCIuFTAJYc
5L141abzW5fzoLWb6LDQBREPbB/p5WUTHixEu9r+FCPQ2YCHGEi9SlECzEVPths4
B7CRw0u9mfkUpg2PjjEe7Mu3O17/WtzgQMaQ4ggW2NdsOTd5tc651vg5CmjpO95s
ycGgLRLQ0j97oNDWVjratf7HS/eP0r2dsd4tGIlOZUT0J68M9hMywuBMMURpC7b8
+XK5YoU4IhpoStG/OTMYP+wRsRSDZYQEu+AtdRTF1rZn
-----END CERTIFICATE-----